- HTTP auth password appears to be cached and reused
unless replaced by a non-empty string. When user-supplied
password is empty, use some arbitrary string "x" as the
password.
- Make username required for generic URL as well.
- Also clear password buffers after use.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Download profile from AS or URL use blocking network calls
in the main thread. Set reasonable timeouts for connect
and receive.
TODO: This is not perfect as the download can still stall
in erratic links, and we have no way to abort. Ideally
we should either use Async calls and/or threads.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
For Import from URL, require that response
from server must have
content-type: application/x-openvpn-profile
This reduces chances of mistyped input causing
import of random html pages as connection profile.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
ParseUrl extended to parse generic URLs and parse
the path. DownloadProfile() function re-factored
for reuse with generic URL.
Also:
- INTERNET_FLAG_RELOAD added to the request
call to force reloading the data from server instead
of using possibly cached data.
- Input box for URL extended in length to about
50 characters wide.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Allow users to bypass HTTPS is not good, but may nevertheless be useful during development.
DEBUG macro is widely used in openvpn-gui code but was missing from CMakeLists.txt, so add it there.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
When 2FA is enabled, server (such as AS)
replies with HTTP 401 and issues a challenge.
Use existing facilities to parse CRV message
and prompt user for a response, then call REST
method again with encoded response as HTTP auth password.
See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication
for more information.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Use WinInet to download profile into memory buffer.
If there are certain certificate errors (invalid CN,
wrong date, unknown CA, revocation check failed),
ask if user wants to continue.
Extract profile name from content, sanitize name and
save profile in temp directory. Then import profile
using existing facilities.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This is the first patch from series which implemets
importing profile from URL, currently implemented
by OpenVPN Access Server.
Move "Import from file" menu item under new "Import"
item. Add "Import from AS..." item under "Import", which
opens new profile import dialog.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Selva Nair